Loading
Salesforce now sends email only from verified domains. Read More
Collaborate with Everyone
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure File Upload and Download Security Settings

            You are here:

            1. Salesforce Help
            2. Docs
            3. Collaborate With Everyone

            Configure File Upload and Download Security Settings

            To provide more security, control the way some file types are handled during upload and download.

            Required Editions

            Available in: both Salesforce Classic and Lightning Experience
            User Permissions Needed
            To configure file upload and download settings: Customize Application

            To manage file upload and download settings:

            1. From Setup, enter File Upload and Download Security in the Quick Find box, then select File Upload and Download Security.
            2. Click Edit.
            3. To prevent users from uploading files that can pose a security risk, select Don't allow HTML uploads as attachments or document records.
              This setting blocks the upload of these MIME file types: .html, .htt, .mht, .svg, .swf, .thtml, and .xhtml.
              Warning
              Warning Keep the following in mind when selecting this option:
              • If your organization uses the partner portal to give your partner users access to Salesforce, we don't recommend enabling this setting. Enabling this setting prevents your organization from customizing the appearance of your partner portal.

              • HTML attachments are not permitted on solutions, regardless of whether this security setting is enabled. In addition, this setting does not affect attachments on email templates; HTML attachments on email templates are always permitted.

              • After this setting is enabled, previously-uploaded HTML documents and attachments are unaffected. However, when users attempt to view an HTML attachment or document, their browser first prompts them to open the file in the browser, save it to their computer, or cancel the action.
            4. Set download behavior for each file type:
              1. Download (recommended): The file, regardless of file type, is always downloaded.
              2. Execute in Browser: The file, regardless of file type, is displayed and executed automatically when accessed in a browser or through an HTTP request.
              3. Hybrid: Salesforce Files are downloaded. Attachments and documents execute in the browser.
            5. Click Save.
             
            Loading
            Salesforce Help | Article